Rotate disk encryption keys

Google Distributed Cloud (GDC) air-gapped appliance uses the Linux Unified Key Setup (LUKS) to encrypt data on disks. Each physical disk is turned into a logical volume, encrypted by LUKS, during the bootstrapping processing. LUKS requests an externally provided passphrase to decrypt and open the device.

This document describes the steps to rotate the LUKS passphrase that must be performed for:

regularly scheduled passphrase rotation.
passphrase exposure.

Before you begin

Complete the following steps:

Verify that you meet the laptop prerequisites.
Ensure that you can log in to the three nodes as a root user.

Rotate passphrase

Content restricted to approved operating partners. Contact your account manager for access to this page.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-02-26 UTC.